Sentinel v0.14.0 - filter expressions!

Greetings everyone!

We are happy to announce the release of version 0.14.0 of the Sentinel runtime.

For the most recent changes, see the release notes:

https://docs.hashicorp.com/sentinel/changelog

To download the latest version of the Sentinel CLI, see the downloads page:

https://docs.hashicorp.com/sentinel/downloads

This update includes the new filter quantifier expression to allow for filtering of collections according to a common condition.

Additionally, this is the first release that supports Apple’s new requirements for notarization on Gatekeeper. After January 1, 2020, versions 0.14.0 and higher will be the only versions that will be executable on macOS Catalina and above. You can read more about Gatekeeper and notarization here: https://support.apple.com/en-ca/HT202491

The filter Expression

The major feature in this release is the introduction of the filter expression.

The filter expression is a higher-order quantifier expression similar to any and all, but its purpose is to not reduce a collection down to a single true or false value. Rather, it’s designed to return a filtered collection based on the input data.

This expression is specifically designed to support future versions of Sentinel integrations in Terraform Cloud, where, supported by a new filter-friendly API, it will help reduce a large amount of boilerplate.

In the meantime, you can use filter to filter any general map or list. Here are a couple of simple examples:

// filter a fibonacci sequence to extract numbers divisible by 2
l = [1, 1, 2, 3, 5, 8]
filter l as v { v % 2 is 0 }

// filter a map to return elements with a value of "foo"
m = { "a": "foo", "b": "bar" }
filter m as _, v { v is "foo" }

These examples are published with an explanation of the filter expression in the collection operations page in the language reference.


What is the Sentinel Runtime?

The runtime represents the Sentinel language engine and is the technology that is integrated into the enterprise versions of our open source products such as Terraform, Vault, Consul, and Nomad. Updates to the runtime may fix bugs or add features that are generally associated with the language itself and the standard library.

Functionality specifically associated with one product (example: Terraform Cloud and Enterprise’s Terraform-related imports) is updated on a separate schedule and is generally tracked within that product’s release notes.

Watch that product’s release notes as well for when they update the runtime - each product tracks the runtime on different schedules.

What is the Sentinel CLI?

The Sentinel CLI is a command-line interface for developing and testing policies. Having a standard workflow to develop policies is critical for our mission of policy as code. The CLI allows full use of the Sentinel engine, standard library, and supplied mock data to effectively test policies before they are added to a product that integrates Sentinel.

We ship an up-to-date version of the Sentinel CLI for every release of the runtime. To use the newest changes, download the simulator at the downloads page referenced at the start of this message.

Thanks, and we hope you enjoy the release!
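
The boilerplate reduction described for filter above, shown as an added example that is not part of the original announcement and is not HashiCorp's own code: the same compliance check written first with a for loop and then with filter. The buckets list and its field names are constructed, hypothetical data.

```sentinel
// Constructed sample data (hypothetical records, not from a real import).
buckets = [
	{"name": "logs", "acl": "private", "encrypted": true},
	{"name": "assets", "acl": "public-read", "encrypted": true},
	{"name": "backups", "acl": "private", "encrypted": false},
]

// Without filter: collect the offending elements with a loop and append.
loop_violations = []
for buckets as b {
	if b["acl"] is not "private" or not b["encrypted"] {
		append(loop_violations, b)
	}
}

// With filter: a single expression returns the matching elements.
violations = filter buckets as b {
	b["acl"] is not "private" or not b["encrypted"]
}

// Name each offending bucket so a failed run says what to fix.
for violations as v {
	print("non-compliant bucket:", v["name"])
}

// The policy passes only when nothing matched the violation condition.
main = rule {
	length(violations) is 0
}
```

With this constructed data both approaches select the "assets" and "backups" records, so the policy fails.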

Sentinel 0.14.1 has been released. This release addresses an issue with working with selectors when they are the last word on a specific line.

See the release notes and the downloads page for more details!

Sentinel v0.14.2 has been released!

This release brings some code formatting fixes (usually seen when you run sentinel fmt), and a lower-level data fix related to how the runtime exchanges data with imports.

As another note, we have discontinued 32-bit macOS releases with this update, so going forward, the only version available for macOS will be the 64-bit one.

See the release notes and the downloads page for more details!

Sentinel v0.14.3 has been released!

This release brings some cosmetic fixes to the sentinel test command, in addition to a bug fix to the sentinel fmt command, and the http import.

See the release notes and the downloads page for more details!

Sentinel v0.14.4 has been released!

This release fixes a minor parser issue, and also allows you to use floating point numbers as durations in the time import, which should help when working with durations as policy parameters.

See the release notes and the downloads page for more details!